From 75ecca9636b52818499780cd723d6b397fc3ccbb Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Wed, 17 Jul 2019 17:31:56 -0500 Subject: [PATCH 1/4] Update and rename configure-mssp-support-windows-defender-advanced-threat-protection.md to configure-mssp-support.md --- ...rotection.md => configure-mssp-support.md} | 30 ++++++++----------- 1 file changed, 12 insertions(+), 18 deletions(-) rename windows/security/threat-protection/windows-defender-atp/{configure-mssp-support-windows-defender-advanced-threat-protection.md => configure-mssp-support.md} (92%) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md similarity index 92% rename from windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md rename to windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md index 738c8f0548..7cf8f93bca 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md 
@@ -153,34 +153,28 @@ You'll need to create an application and grant it permissions to fetch alerts fr 2. Select **Azure Active Directory** > **App registrations**. -3. Click **New application registration**. +3. Click **New registration**. 4. Specify the following values: - Name: \ SIEM MSSP Connector (replace Tenant_name with the tenant display name) - - Application type: Web app / API - - Sign-on URL: `https://SiemMsspConnector` + - Supported account types: Account in this organizational directory only + - Redirect URI: Select Web and type `https:///SiemMsspConnector`(replace with the tenant name) -5. Click **Create**. The application is displayed in the list of applications you own. +5. Click **Register**. The application is displayed in the list of applications you own. -6. Select the application, then click **Settings** > **Properties**. +6. Select the application, then click **Overview**. -7. Copy the value from the **Application ID** field. +7. Copy the value from the **Application (client) ID** field to a safe place, you will need this on the next step. -8. Change the value in the **App ID URI** to: `https:///SiemMsspConnector` (replace \ with the tenant name. +8. Select **Certificate & secrets** in the new application panel. -9. Ensure that the **Multi-tenanted** field is set to **Yes**. - -10. In the **Settings** panel, select **Reply URLs** and add the following URL: `https://localhost:44300/wdatpconnector`. - -11. Click **Save**. - -12. Select **Keys** and specify the following values: +9. Click **New client secret**. - Description: Enter a description for the key. - Expires: Select **In 1 year** -13. Click **Save**. Save the value is a safe place, you'll need this +10. Click **Add**, copy the value of the client secret to a safe place, you will need this on the next step. ### Step 2: Get access and refresh tokens from your customer's tenant This section guides you on how to use a PowerShell script to get the tokens from your customer's tenant. 
This script uses the application from the previous step to get the access and refresh tokens using the OAuth Authorization Code Flow. @@ -249,9 +243,9 @@ After providing your credentials, you'll need to grant consent to the applicatio 6. Enter the following commands: `.\MsspTokensAcquisition.ps1 -clientId -secret -tenantId ` - - Replace \ with the Application ID you got from the previous step. - - Replace \ with the application key you created from the previous step. - - Replace \ with your customer's tenant ID. + - Replace \ with the **Application (client) ID** you got from the previous step. + - Replace \ with the **Client Secret** you created from the previous step. + - Replace \ with your customer's **Tenant ID**. 7. You'll be asked to provide your credentials and consent. Ignore the page redirect. From 4e98ea6b9bc79e43a0ac5b12b545f5186438f031 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Tue, 23 Jul 2019 17:58:57 -0500 Subject: [PATCH 2/4] Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-atp/configure-mssp-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md index 7cf8f93bca..caa236d9af 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md 
@@ -165,7 +165,7 @@ You'll need to create an application and grant it permissions to fetch alerts fr 6. Select the application, then click **Overview**. -7. Copy the value from the **Application (client) ID** field to a safe place, you will need this on the next step. +7. Copy the value from the **Application (client) ID** field to a safe place, you will need this in the next step. 8. Select **Certificate & secrets** in the new application panel. From eeec4a2b91423720fb99897c4fe7dd0dfe1eb5e9 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Tue, 23 Jul 2019 17:59:09 -0500 Subject: [PATCH 3/4] Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-atp/configure-mssp-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md index caa236d9af..c397e1ed61 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md 
@@ -174,7 +174,7 @@ You'll need to create an application and grant it permissions to fetch alerts fr - Description: Enter a description for the key. - Expires: Select **In 1 year** -10. Click **Add**, copy the value of the client secret to a safe place, you will need this on the next step. +10. Click **Add**, copy the value of the client secret to a safe place, you will need this in the next step. ### Step 2: Get access and refresh tokens from your customer's tenant This section guides you on how to use a PowerShell script to get the tokens from your customer's tenant. This script uses the application from the previous step to get the access and refresh tokens using the OAuth Authorization Code Flow. From 2171d57e65c7aa7c986f172e8ae47f8f4fef4d18 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Sun, 28 Jul 2019 07:42:08 -0500 Subject: [PATCH 4/4] Rename windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md --- .../configure-mssp-support.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/{windows-defender-atp => microsoft-defender-atp}/configure-mssp-support.md (100%) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md similarity index 100% rename from windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md rename to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
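Review bot: In the first hunk of PATCH 1/4 (`@@ -153,34 +153,28 @@`), step 4 now sets **Supported account types** to "Account in this organizational directory only" and the old step 9 ("Ensure that the **Multi-tenanted** field is set to **Yes**") is deleted, yet Step 2 still uses this application to get access and refresh tokens from the customer's tenant. Confirm that a single-tenant registration can be consented to in the customer's tenant; if it cannot, step 4 should select the multi-tenant option instead. The same hunk removes the reply URL `https://localhost:44300/wdatpconnector`, so also check that the Step 2 script does not depend on it.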
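Review bot: In the second hunk of PATCH 1/4 (`@@ -249,9 +243,9 @@`), the added bullet writes **Client Secret** in bold title case, while steps 9 and 10 in the first hunk call the same value "client secret" ("New client secret", "the value of the client secret"). Use one spelling throughout so the reader can match the `-secret` parameter to the value saved in Step 1.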
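Review bot: In PATCH 2/4, the changed step 7 is still a comma splice ("... to a safe place, you will need this in the next step"); split it into two sentences, for example "Copy the value from the **Application (client) ID** field to a safe place. You will need it in the next step." The context line for step 8 reads **Certificate & secrets**; check it against the portal label, which is "Certificates & secrets".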
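Review bot: In PATCH 3/4, step 10 runs two actions and a remark together in one sentence ("Click **Add**, copy the value of the client secret to a safe place, you will need this in the next step"); write it as "Click **Add**. Copy the value of the client secret to a safe place; you will need it in the next step." The Description bullet in the context above still says "Enter a description for the key" although the step now creates a client secret, so update that wording in the same change.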
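Review bot: PATCH 4/4 moves the file from `windows-defender-atp` to `microsoft-defender-atp` with no content change, after PATCH 1/4 had already renamed it, and every patch in the series reports "1 file changed". Nothing here updates links or table-of-contents entries that point at either old path, so say in the commit message where that is handled or add those changes to this series.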